Internet of things identity authentication method based on joint secret number anonymity
Technical Field
The invention relates to the field of identity authentication of the Internet of things, in particular to an identity authentication method of the Internet of things based on joint secret number anonymity.
Background
The Internet of Things (IoT) was first proposed in 1999 by Kevin Ashton of the Massachusetts Institute of Technology. It is a generalized Internet, that is, an Internet that interconnects objects and things. Applications of the Internet of Things cover many fields of people's lives and production, such as the agricultural Internet of Things, the industrial Internet of Things, IoT medical care and smart cities, and IoT technology is an important component of new-generation information technology that greatly promotes social informatization. The Internet of Things is a product of the continued development of the Internet and interconnects objects through sensing technologies such as radio frequency identification, intelligent sensing and pervasive computing. Its core is still a network, so the threats present on the Internet also exist in the IoT environment; at the same time the Internet of Things is complex and diverse and has a large number of nodes, so it faces even more serious security problems.
Secure multi-party computation can keep a user's data from being known by the other participating users while the joint computation is still completed, so it achieves anonymity of user data well. The RSA algorithm is the most common signature and encryption algorithm; because of its heavy computation it is usually used only to encrypt a small amount of key data, such as a symmetric key or digest information. With the development of cryptography, elliptic curve cryptography (ECC) algorithms were proposed; they are more secure than RSA at the same key length, so ECC is preferred for protecting critical information. Message digest computation, also called hashing (Hash), maps data of indefinite length to data of fixed length according to a fixed rule; common digest lengths are 160, 224, 256, 384 and 512 bits.
The main security schemes for IoT identity authentication fall into two types: one adopts a trusted third party that provides the trusted service used to confirm the validity of the requesting object; the other needs no trusted third party and is a bidirectional identity authentication scheme between the parties themselves. Mahallel et al. propose an access control model based on node capabilities, in which a node accesses related resources according to its own rights and the model combines the node's access control policy to determine the validity of the node identity. Zhang et al. propose an identity authentication method based on geographic location, in which a node computes its own credibility from the number of trusted neighbouring nodes within a certain distance; it neglects privacy protection of node location information and does not analyse how to handle an attacking node that appears within that range around the node. Reddy et al. propose a mobile node identity authentication scheme based on elliptic curve encryption and decryption, but it is vulnerable to man-in-the-middle attack and node information is easily revealed, as pointed out by Niu et al., who improved it to achieve anonymity.
Identity authentication technology is an effective method of verifying node legitimacy. Common identity authentication methods include passwords, biometric features, smart cards and the like, and different application scenarios use different authentication mechanisms. To ensure the security of an IoT system, the identity of the nodes in the IoT system structure needs to be verified, so that illegal node intrusion, data interception by illegal nodes and other network attacks are prevented. The IoT structural framework contains various nodes, which can be divided into terminal nodes and network nodes according to the structural hierarchy of the Internet of Things: terminal nodes include mobile terminals, PC terminals, sensing terminals (various data sensors), cloud server terminals and the like; network nodes include the convergence gateway of the sensor network, communication network routers, heterogeneous network convergence gateways and the like. Node identity authentication ensures the validity of all nodes in the whole IoT environment so as to resist illegal node intrusion and other illegal behaviour.
The basic technologies and information security technologies of the Internet of Things have been briefly introduced above, together with the advantages and disadvantages of IoT identity authentication schemes of recent years. Comprehensive analysis shows that current IoT node identity authentication schemes have the following defects: dependence on online authentication services, high computational cost of authentication, leakage of key information, and the like.
Disclosure of Invention
The invention aims to provide an Internet of Things identity authentication method based on joint secret number anonymity, which can safely and quickly complete multi-node bidirectional identity authentication in an IoT environment, keep node key information anonymous, and save calculation cost in the authentication process.
In order to achieve this purpose, the invention provides an Internet of Things identity authentication method based on joint secret number anonymity, which comprises the following steps:
step 1, adopting a secure secret number negotiation and secure multi-party computation method to keep each node's joint secret number information fully anonymous to the other participating nodes and to complete the trust credential calculation;
step 2, completing identity authentication by means of a Sender algorithm executed by the Sender and a Receiver algorithm executed by the Receiver.
Preferably, in step 1,
S1, each unfamiliar participating node broadcasts its public key in the secure setting, receives the public keys of the other nodes, and records them in the node directory record table PUCT, so that the validity of node signatures can be conveniently verified in the public setting;
S2, the node initializes its joint secret number information and randomly divides all elements of the joint secret number into n partial tuples PT[n] according to the number n of participating nodes; it randomly selects one partial tuple PT[k], k an integer in [0, n-1], as its own private information, which is never transmitted and only takes part in the calculation of the node's partial result PR inside the node; the other partial tuples PT[i], i ≠ k, are transmitted to other nodes, which receive them and use them to calculate their partial results PR;
S3, each node sends its partial tuples PT[i] to the other participating nodes and receives the partial tuples PT[j] of all other nodes, j in [0, n-2], where different values of j denote tuples from different nodes; the partial result PR is calculated through the following formula,
S4, each node sends its partial calculation result PR[k] to all other participating nodes and receives the partial results PR[j] of the other nodes; all partial calculation results are combined into the total result WR by addition, multiplication or another more complex calculation method, and the total result WR is used as the trust credential CR,
where PR[k] denotes the node's own partial result and PR[j] the results from the other nodes.
Preferably, in step 2, the overall multi-node authentication procedure, in which a node executes either the Sender algorithm or the Receiver algorithm, includes:
S5, all participating nodes have completed the multi-party secret number negotiation, so that every node holds the same trust credential CR and the directory record table PUCT of all participating nodes; the trust credential CR and the directory record table PUCT are taken as input;
S6, if the node is in the idle state it may initiate an authentication request and is set to the sending type; if the node is in the processing state it is set to the receiving type;
S7, judging the node type: if the node type is the sending type, the result is true and S8 is executed; otherwise the result is false and S9 is executed;
S8, executing the Sender algorithm to complete the Sender's authentication processing, then executing S10;
S9, executing the Receiver algorithm to complete the Receiver's authentication processing, then executing S10;
S10, if the authentication is passed, executing S14; if it is not passed, executing S11;
S11, adding the requesting node's information to the illegal node record table _PUCT, so that authentication requests from recorded illegal nodes are rejected and calculation cost is saved: when an authentication request is received, the node first checks whether the requester is in the illegal node record; if so, the request is discarded directly, otherwise processing continues; then executing S14;
S12, judging the number of illegal nodes: when the number of newly added illegal nodes reaches a certain threshold, executing S13 to inform the other nodes of the new illegal node information, otherwise executing S14;
S13, broadcasting the illegal node information _PUCT to the other participating nodes, suppressing the illegal nodes' authentication requests and saving network resources;
S14, judging whether all nodes in the directory record table PUCT of participating nodes have completed authentication: if no unfamiliar node remains in the directory record table PUCT, returning True to complete the authentication, otherwise executing S6.
Preferably, in step 2, the Sender algorithm executed by the Sender includes:
S15, the node takes the trust credential CR and the directory record table PUCT of all participating nodes as input;
S16, the node generates a random number N1 with the system random function Random() and initializes a counter t1 = 1; if the authentication request fails, t1 = t1 + 1, and if t1 < T no longer holds, the node waits for a period of time, resets t1 = 1 and continues to send authentication requests;
S17, the node uses the trust credential CR and the node private key to compute the digest of (CR||N1||t1) through a software digest computation and signature interface or a hardware interface and signs it with the node private key to obtain m1, then executes S18; that is, the node calls a software or hardware Hash interface to compute the digest m = Hash(CR||N1||t1), uses the node private key sk to perform the encryption (signature) operation on m to generate m1, and executes the next step S18;
S18, sending the authentication data (m1, N1, t1) to show the validity of its identity to the receiver, and entering S19;
S19, waiting for the response information (m2, N2, t2) of the receiving node;
S20, after receiving the response, if t2 < T holds and the following formula is satisfied, the response is valid, the signature is correct and the node is legal; N1 in the formula indicates that the response corresponds to the request:
E_{Receiver pk}(m2) = Hash(CR||N1||N2||t2);
S21, after both sides have passed verification, the sending node securely establishes the session key sessionKey from N2 in the authentication message, its own trust credential CR and its random number N1:
sessionKey = Hash(CR||N1||N2).
Preferably, in step 2, the Receiver algorithm executed by the Receiver includes:
S22, the node takes the trust credential CR and the directory record table PUCT of all participating nodes as input;
S23, waiting for the authentication request (m1, N1, t1) from the sending node;
S24, after receiving the request, if t1 < T the request is valid, otherwise it is invalid; if the following formula holds, the identity of the sending node is legal and S25 is executed, otherwise the node is illegal and False is returned:
E_{Sender pk}(m1) = Hash(CR||N1||t1);
S25, the node generates a random number N2 with the system random function Random() and initializes a counter t2 = 1; if the authentication response fails, t2 = t2 + 1, and if t2 < T no longer holds, the node waits for a period of time, resets t2 = 1 and continues to send the authentication response;
S26, the node uses the trust credential CR and the node private key sk to compute the digest of (CR||N1||N2||t2) through a software digest computation and signature interface or a hardware interface and signs it with the node private key to obtain m2, then executes S27; that is, the node calls a software or hardware Hash interface to compute the digest m = Hash(CR||N1||N2||t2), uses the node private key sk to perform the encryption (signature) operation on m to generate m2, and executes the next step S27;
S27, sending the authentication data (m2, N2, t2) to show the validity of its identity to the sending node;
S28, after both parties have passed verification, the receiving node securely establishes the session key sessionKey from N1 in the authentication message, its own trust credential CR and its random number N2 according to the following formula:
sessionKey = Hash(CR||N1||N2).
Through this technical scheme the whole joint secret number remains anonymous: the joint secret number initialization randomly divides its elements into several tuples and one tuple is retained as private information, so that participating nodes cannot obtain the complete joint secret number information of other nodes. In the two-party authentication process, one round of communication completes the mutual authentication. When the session key is established, the key material is embedded in the authentication messages, which reduces the communication overhead of constructing the session key. The invention supports bidirectional identity authentication among multiple nodes, can also complete identity authentication among multiple nodes in a public off-line setting, and filters out illegal nodes to save calculation cost.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow diagram of multi-party secret number negotiation according to a preferred embodiment of the present invention;
FIG. 2 is a block diagram of a two-party joint secret number negotiation architecture according to a preferred embodiment of the present invention;
FIG. 3 is a block diagram of a multi-party secret number negotiation architecture according to a preferred embodiment of the present invention;
FIG. 4 is a flow diagram of multi-party identity authentication based on joint secret number anonymity according to a preferred embodiment of the present invention;
FIG. 5 is a block diagram of the two-party identity authentication protocol according to a preferred embodiment of the present invention;
FIG. 6 is a flow chart of the execution of the Sender algorithm in the identity authentication process based on joint secret number anonymity according to a preferred embodiment of the present invention; and
FIG. 7 is a flow chart of the execution of the Receiver algorithm in the identity authentication process based on joint secret number anonymity according to a preferred embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The invention provides an Internet of Things identity authentication method based on joint secret number anonymity, which comprises the following steps:
step 1, adopting a secure secret number negotiation and secure multi-party computation method to keep each node's joint secret number information fully anonymous to the other participating nodes and to complete the trust credential calculation;
step 2, completing identity authentication by means of a Sender algorithm executed by the Sender and a Receiver algorithm executed by the Receiver.
The IoT identity authentication method based on joint secret number anonymity can safely and efficiently complete bidirectional node identity authentication among multiple nodes in practical application scenarios, is better suited to the complex IoT environment, is suitable for two-party or multi-party identity authentication with higher requirements on node privacy, and is applicable to online or offline network environments.
The elliptic curve signature used in the invention can be implemented in hardware, with the signature chip embedded in the IoT node device, or in software. A hardware implementation has the characteristics of high signing and verification speed and strong specificity; a software implementation consumes some computing and storage resources of the IoT device. The specific implementation can be selected according to actual needs.
The message digest calculation can use the Hash interface of the IoT device system or user-defined software or hardware; if it is implemented in hardware, the Hash interface can be combined with the signature algorithm into a security chip, which improves calculation speed and saves physical space.
The method is applied to IoT devices, and each device needs a certain amount of secure storage space for the joint secret number, the participating node directory table and the illegal node directory record table.
In one embodiment of the present invention, in step 1,
S1, each unfamiliar participating node broadcasts its public key in the secure setting, receives the public keys of the other nodes, and records them in the node directory record table PUCT, so that the validity of node signatures can be conveniently verified in the public setting;
S2, the node initializes its joint secret number information and randomly divides all elements of the joint secret number into n partial tuples PT[n] according to the number n of participating nodes; it randomly selects one partial tuple PT[k], k an integer in [0, n-1], as its own private information, which is never transmitted and only takes part in the calculation of the node's partial result PR inside the node; the other partial tuples PT[i], i ≠ k, are transmitted to other nodes, which receive them and use them to calculate their partial results PR;
S3, each node sends its partial tuples PT[i] to the other participating nodes and receives the partial tuples PT[j] of all other nodes, j in [0, n-2], where different values of j denote tuples from different nodes; the partial result PR is calculated through the following formula,
S4, each node sends its partial calculation result PR[k] to all other participating nodes and receives the partial results PR[j] of the other nodes; all partial calculation results are combined into the total result WR by addition, multiplication or another more complex calculation method, and the total result WR is used as the trust credential CR,
where PR[k] denotes the node's own partial result and PR[j] the results from the other nodes.
Steps S1 to S4 of multi-party secret number negotiation in the secure setting describe the specific process of multi-party secret number negotiation in a distributed IoT node environment; when implemented on IoT devices, S1 to S4 need to be analysed and implemented concretely. FIG. 2 shows a specific example of multi-party secret number negotiation with 2 participating nodes, and FIG. 3 shows one with 4 participating nodes.
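The negotiation of S2 to S4, as an added example in Python that is not the patent's own code. It assumes each node's joint secret number is a list of integers, that the partial-result formula the text leaves blank is the sum of the private tuple PT[k] and all received tuples PT[j], that WR is the sum of all PR (the text allows addition or multiplication), and that each peer receives one distinct tuple; node names and the sample secrets are constructed.

```python
import random
from typing import Dict, List

class Node:
    def __init__(self, name: str, secret: List[int], n: int, rng: random.Random):
        self.name, self.secret = name, secret
        elems = secret[:]
        rng.shuffle(elems)                                  # S2: random division
        self.pt = [elems[i::n] for i in range(n)]            # partial tuples PT[0..n-1]
        self.k = rng.randrange(n)                            # PT[k] never leaves the node
        self.received_pt: Dict[str, List[int]] = {}          # PT[j] received in S3
        self.received_pr: Dict[str, int] = {}                # PR[j] received in S4

    def outgoing(self, peers: List[str]) -> Dict[str, List[int]]:
        """S3: every tuple except the private PT[k], one distinct tuple per peer."""
        shared = [t for i, t in enumerate(self.pt) if i != self.k]
        return dict(zip(peers, shared))

    def partial_result(self) -> int:
        """Assumed PR formula: sum of PT[k] plus the sum of every received PT[j]."""
        return sum(self.pt[self.k]) + sum(map(sum, self.received_pt.values()))

    def total_result(self) -> int:
        """S4: WR = PR[k] + sum of PR[j]; WR is used as the trust credential CR."""
        return self.partial_result() + sum(self.received_pr.values())

def negotiate(secrets: Dict[str, List[int]], seed: int = 1) -> Dict[str, Node]:
    """Run S2-S4 for all nodes; the network is simulated by direct assignment."""
    rng = random.Random(seed)
    n = len(secrets)
    nodes = {name: Node(name, s, n, rng) for name, s in secrets.items()}
    for node in nodes.values():                              # S3 exchange
        peers = [p for p in nodes if p != node.name]
        for peer, pt in node.outgoing(peers).items():
            nodes[peer].received_pt[node.name] = pt
    for node in nodes.values():                              # S4 exchange
        pr = node.partial_result()
        for peer in nodes.values():
            if peer is not node:
                peer.received_pr[node.name] = pr
    return nodes

def credentials(nodes: Dict[str, Node]) -> Dict[str, int]:
    """CR as computed independently by every node."""
    return {name: node.total_result() for name, node in nodes.items()}

def elements_seen(nodes: Dict[str, Node], observer: str, target: str) -> int:
    """How many of the target's secret elements the observer received in S3."""
    return len(nodes[observer].received_pt.get(target, []))

def demo():
    secrets = {                                              # constructed sample secrets
        "A": [3, 14, 15, 92, 65, 35],
        "B": [27, 18, 28, 18, 28, 45],
        "C": [16, 18, 3, 39, 88, 74],
    }
    nodes = negotiate(secrets)
    cr = credentials(nodes)
    all_equal = len(set(cr.values())) == 1
    expected = sum(sum(s) for s in secrets.values())         # 626 for these inputs
    return all_equal, cr["A"] == expected, elements_seen(nodes, "A", "B")
```

Addition hides the individual elements of a joint secret number but each node still learns the sum of all other contributions, and with n = 2 that is the peer's entire secret total, so the anonymity covers the element-level secret, not its aggregate.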
In an embodiment of the present invention, in step 2, the overall multi-node authentication procedure, in which a node executes either the Sender algorithm or the Receiver algorithm, includes:
S5, all participating nodes have completed the multi-party secret number negotiation, so that every node holds the same trust credential CR and the directory record table PUCT of all participating nodes; the trust credential CR and the directory record table PUCT are taken as input;
S6, if the node is in the idle state it may initiate an authentication request and is set to the sending type; if the node is in the processing state it is set to the receiving type;
S7, judging the node type: if the node type is the sending type, the result is true and S8 is executed; otherwise the result is false and S9 is executed;
S8, executing the Sender algorithm to complete the Sender's authentication processing, then executing S10;
S9, executing the Receiver algorithm to complete the Receiver's authentication processing, then executing S10;
S10, if the authentication is passed, executing S14; if it is not passed, executing S11;
S11, adding the requesting node's information to the illegal node record table _PUCT, so that authentication requests from recorded illegal nodes are rejected and calculation cost is saved: when an authentication request is received, the node first checks whether the requester is in the illegal node record; if so, the request is discarded directly, otherwise processing continues; then executing S14;
S12, judging the number of illegal nodes: when the number of newly added illegal nodes reaches a certain threshold, executing S13 to inform the other nodes of the new illegal node information, otherwise executing S14;
S13, broadcasting the illegal node information _PUCT to the other participating nodes, suppressing the illegal nodes' authentication requests and saving network resources;
S14, judging whether all nodes in the directory record table PUCT of participating nodes have completed authentication: if no unfamiliar node remains in the directory record table PUCT, returning True to complete the authentication, otherwise executing S6.
The secure two-party identity authentication protocol is shown in FIG. 5; it safely and quickly completes mutual identity authentication between two nodes and is also an important component of secure multi-party identity authentication. It consists of a Sender algorithm executed by the Sender and a Receiver algorithm executed by the Receiver, shown in FIG. 6 and FIG. 7.
In an embodiment of the present invention, in step 2, the Sender algorithm executed by the Sender may include:
S15, the node takes the trust credential CR and the directory record table PUCT of all participating nodes as input;
S16, the node generates a random number N1 with the system random function Random() and initializes a counter t1 = 1; if the authentication request fails, t1 = t1 + 1, and if t1 < T no longer holds, the node waits for a period of time, resets t1 = 1 and continues to send authentication requests; sending the authentication request repeatedly under control of the counter effectively enhances authentication stability in the distributed IoT node environment, overcomes the time synchronization problem of the distributed environment and effectively resists replay attacks by illegal nodes;
S17, the node uses the trust credential CR and the node private key to compute the digest of (CR||N1||t1) through a software digest computation and signature interface or a hardware interface and signs it with the node private key to obtain m1, then executes S18; that is, the node calls a software or hardware Hash interface to compute the digest m = Hash(CR||N1||t1), uses the node private key sk to perform the encryption (signature) operation on m to generate m1, and executes the next step S18;
S18, sending the authentication data (m1, N1, t1) to show the validity of its identity to the receiver, and entering S19;
S19, waiting for the response information (m2, N2, t2) of the receiving node;
S20, after receiving the response, if t2 < T holds and the following formula is satisfied, the response is valid, the signature is correct and the node is legal; N1 in the formula indicates that the response corresponds to the request:
E_{Receiver pk}(m2) = Hash(CR||N1||N2||t2);
S21, after both sides have passed verification, the sending node securely establishes the session key sessionKey from N2 in the authentication message, its own trust credential CR and its random number N1:
sessionKey = Hash(CR||N1||N2).
In an embodiment of the present invention, in step 2, the Receiver algorithm executed by the Receiver may include:
S22, the node takes the trust credential CR and the directory record table PUCT of all participating nodes as input;
S23, waiting for the authentication request (m1, N1, t1) from the sending node;
S24, after receiving the request, if t1 < T the request is valid, otherwise it is invalid; if the following formula holds, the identity of the sending node is legal and S25 is executed, otherwise the node is illegal and False is returned:
E_{Sender pk}(m1) = Hash(CR||N1||t1);
S25, the node generates a random number N2 with the system random function Random() and initializes a counter t2 = 1; if the authentication response fails, t2 = t2 + 1, and if t2 < T no longer holds, the node waits for a period of time, resets t2 = 1 and continues to send the authentication response;
S26, the node uses the trust credential CR and the node private key sk to compute the digest of (CR||N1||N2||t2) through a software digest computation and signature interface or a hardware interface and signs it with the node private key to obtain m2, then executes S27; that is, the node calls a software or hardware Hash interface to compute the digest m = Hash(CR||N1||N2||t2), uses the node private key sk to perform the encryption (signature) operation on m to generate m2, and executes the next step S27;
S27, sending the authentication data (m2, N2, t2) to show the validity of its identity to the sending node;
S28, after both parties have passed verification, the receiving node securely establishes the session key sessionKey from N1 in the authentication message, its own trust credential CR and its random number N2 according to the following formula:
sessionKey = Hash(CR||N1||N2).
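The two-party exchange of S15 to S28 together with the illegal node table _PUCT of S11, as an added Python example that is not the patent's code. It replaces the ECC signature interface with a one-time Lamport hash signature so that it runs with the standard library only, takes Hash as SHA-256 over length-prefixed fields, assumes T = 3 for the counter bound, and uses constructed node names, CR value and nonces.

```python
import hashlib
import random

T = 3   # counter bound T of S16/S24; the text fixes no value, 3 is assumed here

def H(*fields: bytes) -> bytes:
    """Hash(a||b||c) as SHA-256; fields are length-prefixed so that the
    concatenation cannot be re-split into different fields with the same digest."""
    blob = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hashlib.sha256(blob).digest()

def sha(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen(rng: random.Random):
    """One-time Lamport key: 256 secret pairs, public key = their hashes. It
    stands in for the ECC signing interface; a seeded PRNG is used only so the
    demo is reproducible, a real node must draw keys from an OS CSPRNG."""
    sk = [(rng.getrandbits(256).to_bytes(32, "big"),
           rng.getrandbits(256).to_bytes(32, "big")) for _ in range(256)]
    pk = [(sha(a), sha(b)) for a, b in sk]
    return sk, pk

def sign(sk, digest: bytes):
    """Reveal, for each bit i of the 32-byte digest m, the secret sk[i][bit]."""
    bits = int.from_bytes(digest, "big")
    return [sk[i][(bits >> i) & 1] for i in range(256)]

def verify(pk, digest: bytes, sig) -> bool:
    """E_pk(sig) == m in the text's notation: every revealed value hashes to pk."""
    bits = int.from_bytes(digest, "big")
    return len(sig) == 256 and all(
        sha(sig[i]) == pk[i][(bits >> i) & 1] for i in range(256))

class Node:
    def __init__(self, name: str, cr: bytes, rng: random.Random):
        self.name, self.cr, self.rng = name, cr, rng
        self.sk, self.pk = keygen(rng)      # Lamport: one signature per key
        self.puct = {}                      # PUCT: node name -> public key (S1)
        self.illegal = set()                # _PUCT: illegal node record table (S11)
        self.session_key = None

def nonce(node: Node) -> bytes:
    return node.rng.getrandbits(64).to_bytes(8, "big")

def sender_request(s: Node, t1: int = 1):
    """S16-S18: m1 = Sign_sk(Hash(CR||N1||t1)); the sender sends (m1, N1, t1)."""
    n1 = nonce(s)
    return sign(s.sk, H(s.cr, n1, bytes([t1]))), n1, t1

def receiver_respond(r: Node, sender_name: str, req):
    """S23-S28 with the S11 filter: returns (m2, N2, t2), or None on rejection."""
    m1, n1, t1 = req
    if sender_name in r.illegal:            # recorded illegal node: drop unread
        return None
    pk = r.puct.get(sender_name)
    if not (t1 < T) or pk is None or not verify(pk, H(r.cr, n1, bytes([t1])), m1):
        r.illegal.add(sender_name)          # S11: record and refuse from now on
        return None
    n2, t2 = nonce(r), 1
    m2 = sign(r.sk, H(r.cr, n1, n2, bytes([t2])))
    r.session_key = H(r.cr, n1, n2)         # S28: sessionKey = Hash(CR||N1||N2)
    return m2, n2, t2

def sender_verify(s: Node, receiver_name: str, req, resp) -> bool:
    """S20-S21: check E_pk(m2) == Hash(CR||N1||N2||t2), then derive the key."""
    if resp is None:
        return False
    _, n1, _ = req
    m2, n2, t2 = resp
    pk = s.puct.get(receiver_name)
    if not (t2 < T) or pk is None or not verify(pk, H(s.cr, n1, n2, bytes([t2])), m2):
        s.illegal.add(receiver_name)
        return False
    s.session_key = H(s.cr, n1, n2)         # S21
    return True

def authenticate(s: Node, r: Node) -> bool:
    """One round trip; True only if both sides accept and derive the same key."""
    req = sender_request(s)
    resp = receiver_respond(r, s.name, req)
    return sender_verify(s, r.name, req, resp) and s.session_key == r.session_key

def demo():
    """Constructed run: A and B share CR; X does not and ends up in B's _PUCT."""
    rng = random.Random(7)
    cr = b"trust-credential-from-S1-S4"     # constructed stand-in for CR
    a, b, x = Node("A", cr, rng), Node("B", cr, rng), Node("X", b"other", rng)
    for node in (a, b, x):                  # S1: every PUCT holds all public keys
        node.puct = {p.name: p.pk for p in (a, b, x)}
    legit = authenticate(a, b)
    intruder = authenticate(x, b)           # signature does not match B's CR
    dropped = receiver_respond(b, "X", sender_request(x)) is None and "X" in b.illegal
    return legit, intruder, dropped
```

Freshness of the exchange rests on N1 and N2 being unpredictable and never reused, so a receiver that must survive replays should keep the N1 values it has already answered in addition to the t1 < T check.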
According to the method, the characteristics of IoT scenarios are comprehensively considered. First, the node joint secret number information is divided into a data structure of several partial tuples, combined with a user privacy information anonymization method; secret number negotiation among multiple nodes is completed by a method in which partial information is kept secure so that the private information remains fully anonymous, which provides the legitimacy basis for multi-node identity authentication. Second, combined with research on IoT identity authentication technology, the multi-node identity authentication problem in the distributed IoT network environment is reduced to the secure identity authentication problem between two nodes, which simplifies the difficulty of the problem. In designing the secure two-party identity authentication, a procedure that completes authentication in one round of communication is designed, saving the communication consumed by multi-round authentication; message digest calculation is used during identity verification, which greatly reduces the length of the authentication information and quickly completes verification of node identity validity; a counter is used in the IoT environment, which effectively solves the time synchronization problem of the IoT environment and suppresses replay attacks; and when the session key is constructed, the key material of the session key is embedded in the authentication messages, saving the communication consumed by establishing the session key separately and increasing the speed and reliability of information transmission. Finally, on the basis of secure two-party identity authentication, secure identity authentication among multiple nodes in the IoT environment is creatively completed. The invention reduces the calculation cost and communication cost of the identity authentication process on the premise of safely completing identity authentication among multiple nodes in the IoT environment.
Secure multi-party identity authentication is not limited to offline IoT scenarios; it can also be applied to online service authentication, for example in the mobile Internet, P2P networks, the Internet of Vehicles and the like.
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, however, the present invention is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the present invention within the technical idea of the present invention, and these simple modifications are within the protective scope of the present invention.
It should be noted that the various technical features described in the above embodiments can be combined in any suitable manner without contradiction, and the invention is not described in any way for the possible combinations in order to avoid unnecessary repetition.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as the disclosure of the present invention as long as it does not depart from the spirit of the present invention.